A criminal operation has been halted by the shutdown of a malicious server in the Cayman Islands, but the attackers are probably now looking for a new home. Prevx researchers recently discovered a site where the trojan Zbot had uploaded the FTP login credentials from more than 68,000 websites, including companies such as Bank of America, BBC, and Symantec. Since then, more than 20,000 additional stolen FTP credentials were used to inject malicious scripts on those sites, Jacques Erasmus, director of research at Prevx, told SCMagazineUS.com. But the attacker's server, based in the Cayman Islands, was shut down on earlier this week. Up until last week, when visiting a compromised website, users were being infected (by means of a drive-by download) with Zbot, a trojan that captures keystrokes to obtains login credentials and... [read full story]
